๐Ÿ” CVE Alert

CVE-2026-14890

UNKNOWN 0.0

CVE-2026-14890

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.

Vendor sglang
Product sglang
Published Jul 16, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for sglang sglang

Be the first to know when new unknown vulnerabilities affecting sglang sglang are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

SGLang / SGLang
0 โ‰ค 0.5.14

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/elastic_ep/expert_backup_manager.py vince.cert.org: http://vince.cert.org/vuls/id/326070 kb.cert.org: https://www.kb.cert.org/vuls/id/326070